ALT Linux repos
| S: | 9.16.41-alt1 |
| 5.0: | 9.3.6-alt5 |
| 4.1: | 9.3.6-alt4.M41.2 |
| +updates: | 9.3.6-alt4.M41.1 |
| 4.0: | 9.3.6-alt4.M41.1 |
| +updates: | 9.3.6-alt4.M41.1 |
| 3.0: | 9.2.4.rel-alt2 |
Group :: System/Servers
RPM: bind
Navigation
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
18 may 2023 Stanislav Levin <slev at altlinux.org> 9.16.41-alt1
- 9.16.38 -> 9.16.41.
- 9.16.37 -> 9.16.38.
- 9.16.36 -> 9.16.37 (fixes: CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).
- 9.16.35 -> 9.16.36.
- Skip flaky dupsigs test (GL #3665).
- 9.16.34 -> 9.16.35.
- 9.11.37 -> 9.16.34 (closes: #40170).
- Built with libidn2 (closes: #24573).
- Fixed Url (closes: #43556).
- 9.11.36 -> 9.11.37 (fixes: CVE-2021-25220).
- 9.11.32 -> 9.11.36 (fixes: CVE-2021-25219).
- 9.11.31 -> 9.11.32.
- 9.11.28 -> 9.11.31 (fixes: CVE-2021-25214, CVE-2021-25215, CVE-2021-25216).
- 9.11.25 -> 9.11.28 (fixes: CVE-2020-8625).
- Backported fix for man pages (closes: #39350).
- 9.11.22 -> 9.11.25.
- 9.11.20 -> 9.11.22 (fixes: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624).
- 9.11.19 -> 9.11.20 (fixes: CVE-2020-8619).
- Placed Linux capabilities dropping under control(1).
- Re-applied the lost patch.
- 9.11.18 -> 9.11.19 (fixes: CVE-2020-8616, CVE-2020-8617).
- 9.11.13 -> 9.11.18.
- 9.11.12 -> 9.11.13 (fixes: CVE-2019-6477).
- 9.11.10 -> 9.11.12.
- Fixed integration with ipa-dnskeysync.
- 9.11.9 -> 9.11.10.
- 9.11.8 -> 9.11.9.
- 9.11.7 -> 9.11.8 (fixes: CVE-2019-6471).
- 9.11.6.P1 -> 9.11.7.
- 9.11.6 -> 9.11.6.P1 (fixes: CVE-2018-5743).
- Fixed support for GSSAPI (closes: #36429).
- 9.11.5.P4 -> 9.11.6.
- 9.11.5 -> 9.11.5.P4 (fixes: CVE-2018-5744, CVE-2018-5745, CVE-2019-6465).
- 9.11.4.P2 -> 9.11.5.
- 9.11.4.P1 -> 9.11.4.P2.
- Build with new openssl1.1.
- 9.11.3 -> 9.11.4.P1 (fixes: CVE-2018-5738, CVE-2018-5740).
- 9.11.2.P1 -> 9.11.3
- Build with libjson support (statistics channels)
- 9.11.2 -> 9.11.2-P1 (fixes: CVE-2017-3145).
- Fix lack of rndc.key in non-chrooted bind (closes: #34292).
- 9.10.6 -> 9.11.2.
- 9.10.5-P3 -> 9.10.6.
- 9.10.4-P8 -> 9.10.5-P3
(fixes: CVE-2017-3140, CVE-2017-3141, CVE-2017-3142, CVE-2017-3143).
- 9.10.4-P6 -> 9.10.4-P8 (fixes: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138).
- bind.service: pass $CHROOT to named-checkconf (closes: #33239).
- bind.init: check named configuration on startup.
- 9.10.4-P5 -> 9.10.4-P6 (fixes CVE-2017-3135).
- 9.9.9-P5 -> 9.10.4-P5 (closes: #30124, #32590).
- Enabled multiprocessing support.
- bind: bind.service: fixed EnvironmentFile.
- bind: options.conf: fixed typo in comment (closes: #31359).
- bind: enabled "fixed" ordering support in rrset-order statement.
- bind: packaged named-rrchecker.
- bind: imported "dynamic-db" statement support from Fedora
(by Sergey Bolshakov). - bind: placed chrooted mode under control(1) (by Sergey Bolshakov).
- bind-devel: packaged bind9-config.
- bind-utils: packaged delv.
- 9.9.8-P4 -> 9.9.9-P5.
- Implemented early drop of linux capabilities.
- Applied upstream fix for CVE-2016-8864.
- Applied upstream fix for CVE-2016-2776.
- Update to ftp://ftp.isc.org/isc/bind9/9.9.8-P2/bind-9.9.8-P4.tar.gz
- Build with --enable-fetchlimit (Closes: #31701)
- Update to ftp://ftp.isc.org/isc/bind9/9.9.8-P2/bind-9.9.8-P3.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.8-P2/bind-9.9.8-P2.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.7-P3/bind-9.9.7-P3.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.7-P2/bind-9.9.7-P2.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.7-P1/bind-9.9.7-P1.tar.gz
- CVE-2015-5477 fix
- Update to ftp://ftp.isc.org/isc/bind9/9.9.6-P1/bind-9.9.6-P1.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.6/bind-9.9.6.tar.gz
- Fix old style autoheader AC_DEFINE
- Enable ratelimits (Closes: #30398)
- Provide initial rndc_keygen (Closes: #28034)
- Build with GSSAPI
- Updated to ftp://ftp.isc.org/isc/bind9/9.9.5-P1/bind-9.9.5-P1.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.5/bind-9.9.5.tar.gz
- Don't package bind9-config (in favour of lib*-export)
- Update to ftp://ftp.isc.org/isc/bind9/9.9.4-P1/bind-9.9.4-P1.tar.gz
- (CVE-2013-6230 is fixed in this version)
- Update to ftp://ftp.isc.org/isc/bind9/9.9.4/bind-9.9.4.tar.gz
- Update to ftp://ftp.isc.org/isc/bind/9.9.3-P2/bind-9.9.3-P2.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.3-P1/bind-9.9.3-P1.tar.gz
- Update to ftp://ftp.isc.org/isc/bind9/9.9.3/bind-9.9.3.tar.gz
- Drop alt-isc-config.patch
- Update to ftp://ftp.isc.org/isc/bind9/9.9.2-P2/bind-9.9.2-P2.tar.gz
- Turn regex support off
- Service file fixup
- Update to 9.9.2-P1 (CVE-2012-5688 and bugfixes)
- Add systemd service file (from FC)
- Fix pidfile recreation try on reload
- Replace index IDs in patches to dummy ones
- Version up to 9.9.2 (CVE 5166 included)
- Version up to 9.9.1-P3 (6 middle versions jump!)
- Drop outdated patches (including CVE 5166, this is insecure build)
- Adapt actual patches
- Imported fixes for several vulnerabilities from RH bind-9.3.6-20.P1.5
(CVE-2012-{1033,1667,4244,5166}).
- Imported fixes for several DNSSEC vulnerabilities from RH bind
(CVE-2009-4022, CVE-2010-0097, CVE-2010-3762, CVE-2011-4313);
note that DNSSEC is not enabled by default. - Enabled IPv6 support.
- Fixed RPATH issue.
- Rebuilt with libcrypto.so.10.
- Backported upstream fix for a remote DoS bug (CVE-2009-0696).
- Removed resolver(5) manual page (closes: #19784).
- options.conf:
+ Removed root-delegation-only directive.
+ Added interface-interval directive example. - Made "max open files" limit by default as large as default "max sockets" limit.
- Updated to 9.3.6-P1 release.
- Updated to 9.3.6 release.
- Implemented automatic fdsets expansion to overcome FD_SETSIZE limit.
- Updated to 9.3.5-P2 release.
- Updated to 9.3.5-P1 release (fixes VU#800113/CVE-2008-1447).
- Updated to 9.3.5 release.
- options.conf: Added recursing-file directive.
- Updated L.ROOT-SERVERS.NET: 198.32.64.12 -> 199.7.83.42.
- Updated to 9.3.4-P1 release (fixes CVE-2007-2926).
- rndc-confgen: Revert previous change.
- Changed startup script to use /dev/urandom as a source
of randomness during rndc key generation.
- rndc-confgen: Restore default key size (#11321).
- Updated to 9.3.4 release.
- Rebuilt due to libcrypto.so.4 -> libcrypto.so.6 soname change.
- Updated to 9.3.3 release.
- Updated to 9.3.3 RC3.
- Updated to 9.3.3 RC2.
- Updated to 9.3.2 P1.
- Updated to 9.3.2 release.
- Fixed /etc/syslog.d/bind bug introduced in previous release:
/etc/syslog.d/* must be absolute symlinks.
- Updated to 9.3.1 release.
- Synced with Owl's bind-9.3.1-owl1 package.
- Applied few fixes from RH and SuSE bind packages.
- Merged all shared libraries into single package, libbind.
- Replaced -debug and -slave subpackages with control facilities.
- Converted absolute symlinks into relative.
- Fixed build of queryperf utility on x86_64 platform (closes #6083).
- Updated to 9.2.4 release (== 9.2.4rc8).
- Updated to 9.2.4rc8.
- Renamed subpackage according to soname change:
libdns11 -> libdns16. - Updated startup script to make use of new "status --lockfile" option.
- Updated to 9.2.4rc5.
- Updated patches.
- Rebuilt with openssl-0.9.7d.
- Updated build dependencies.
- Do not build static library by default.
- Updated to 9.2.3 release.
- Rediffed patches.
- Do not package .la files.
- named.8: fixed reference to the BIND 9 Administrator Reference Manual.
- Updated to 9.2.3rc4.
- Renamed subpackage according to soname change:
libdns10 -> libdns11. - Replaced "delegation-only" defaults implemented in previous release
with new option, root-delegation-only, and enabled it by default.
- Updated to 9.2.3rc2.
- Renamed subpackage according to soname change:
libdns9 -> libdns10. - Marked all known gTLDs and ccTLDs as delegation-only by default.
- Merged patches from OpenBSD, thanks to Jarno Huuskonen:
+ write pidfile before chroot (#2866);
+ use chroot jailing by default, no -u/-t options are necessary; - Make named-checkconf use chroot jail by default (Jarno Huuskonen).
- options.conf: added few samples (#2968).
- Updated to 9.2.3rc1.
- Removed alt-lib_dns_rootns patch (merged upstream).
- Explicitly disable use of linux capabilities.
- Renamed subpackages according to soname changes:
libdns8 -> libdns9, libisc4 -> libisc7.
- Fixed message from 'service bind reload' (#0002411).
- Moved 'include "/etc/rfc1912.conf";' directive
from bind.conf to local.conf (#0002791). - Rewritten start/stop script to new rc scheme.
- Updated to 9.2.2 release.
- Relocated initial rndc key generation from %post to startup script.
- Added some information about ALT specific to named(8) and rndc(8).
- Added README.ALT.
- Migrated to 9.2.2rc1.
- Build --with-libtool --with-openssl --disable-ipv6 --disable-threads.
- Do not package contrib.
- Package queryperf utility.
- Package each shared library separately:
libdns8 libisc4 libisccc0 libisccfg0 liblwres1. - Package lwresd separately (chrooted to /var/resolv).
- Moved /var/lib/bind/zone/slave to separate subpackage, bind-slave.
- Moved /var/lib/bind/var/run to separate subpackage, bind-debug.
- Added nslookup(1) and resolver(5) manpages from bind8.
- Minor manpage corrections.
- isc-config.sh: fixed --cflags.
- libdns: updated root_ns list to 2002110501.
- rndc-confgen: added "-A" option support.
- Implemented default rndc settings.
- named: patched to get correct chroot jailing support.
- Updated chroot jail and relocated it to /var/lib/bind:
default CE is now readonly. - Renamed /etc/rc.d/init.d/named to /etc/rc.d/init.d/bind.
- Merged caching-nameserver into bind package.
- Split named.conf into several configurations files.
- Added more rfc1912 zones by default.
- Added rfc1918 zones (not enabled by default).
- Security fixes from ISC:
+ 1469. buffer length calculation for PX was wrong.
+ 1468. ns_name_ntol() could overwite a zero length buffer.
+ 1467. off by one bug in ns_makecannon().
+ 1466. large ENDS UDP buffer size could trigger a assertion.
+ 1465. possible NULL pointer dereference in db_sec.c
+ 1464. the buffer used to construct the -ve record was not
big enough for all possible SOA records. use pointer
arithmetic to calculate the remaining size in this
buffer.
+ 1463. use serial space arithmetic to determine if a SIG is
too old, in the future or has internally constistant
times.
+ 1462. write buffer overflow in make_rr(). - Changed named.init:
+ added condreload();
+ fixed argument for "-c" option. - Changed bind chroot jail:
+ removed /var/lib;
+ removed /etc/{host,nsswitch}.conf;
+ added /etc/{protocols,services}. - Use subst instead of perl in %post script.
- Dont't calc perl dependencies for -contrib.
- Updated code to 8.3.3 release.
- Explicitly use mksock from fileutils.
- Fixed build when glibc-core-archopt is installed.
- Updated packager information.
- Updated code to 8.3.1 release.
- Fixed bind to use /dev/null from core system.
- Make use of syslogd-1.4.1-alt9 /etc/syslog.d/ feature.
- Renamed /etc/chroot.d/named.* to /etc/chroot.d/bind.*
- Relaxed dependencies (conflicts instead of requires).
- 8.2.5
- Corrected manpages according to chrooted scheme.
- More manpages moved to man-pages package.
- Moved chroot from /var/named to /var/lib/named (according to FHS).
- Merged bind-chroot into main package.
- Updated scripts to handle new syslogd.
- Removed restart support from named.
- 8.2.4
- Updated PreReqs.
- Fixed %devel subpackage.
- Pacthed db_defs.h to ease finding errors.
- Added %triggerpostun.
- Added call for chrooted environment adjustment before server start.
- 8.2.3
- Ported to new chrooted scheme.
- 8.2.2_P7
- Moved chrooted environment to separate subpackage.
- Removed few manpages, obsoleted by new man-pages package.
- xfer tmpdir patch
- chrooted environment fix
- fixed startup script to exit with error if no configuration available
- updated to rpm-3.0.4
- 8.2.2-P3
- chrooted environment
- doc and contrib packages
- optimal manpage compression
- Fandra adaptions
- Add lame server patch
- 8.2.1
- Mandrake adaptions
- add ISC patch
- add quick hack to make host not crash
- add more docs
- add probing information in the init file to keep linuxconf happy
- dont strip libbind
- auto rebuild in the new build environment (release 3)
- removed 'done' output at named shutdown.
- version 8.2
- patch to use the __FDS_BITS macro
- build for glibc 2.1
- change named.restart to /usr/sbin/ndc restart
- install man pages correctly.
- change K10named to K45named.
- don't start if /etc/named.conf doesn't exist.
- autmagically create /etc/named.conf from /etc/named.boot in %post
- remove echo in %post
- merge in 5.1 mods
- Several essential modifications to build and install correctly.
- Modified 'ndc' to avoid deprecated use of '-'
- Used buildroot
- patched bin/named/ns_udp.c to use <libelf/nlist.h> for include
on Redhat 5.0 instead of <nlist.h>